Deputy Manager/Manager - Compliance

Designation/ Role: Compliance - Deputy Manager/Manager

Work Timing: 9 hours/day; 5 days a week flexible shift timing between 10 am to 12 am IST. Should be ready to work as per US shift timings as and when needed.

Qualifications: Graduate (any stream), should hold the Lead Auditor on ISO27001/PCI DSS/CEH-EC council/CISA.

Key: ISO 27001:2013 (ISMS), HIPAA, SOC 2 Type II, HITRUST, VAPT, PCI DSS and Cyber Security Assessments.

Skills & Experience Mandatory :

- Knowledge of the latest ISO 27001 standard, PCI DSS, and HIPAA

- Internal and External audit experience of ISO standards ISO 27001

- Knowledge and audit experience of HIPAA compliance and HITRUST requirements

- Should know/have hands-on experience on working on SOC 2/ HITRUST/PCI DSS requirements.

- Should know the basic ITGC controls/Information Security

- Good written and verbal communication skills

- Experience in coordinating with the vendor and internal stakeholders for different compliance tasks.

- Experience in handling Cyber Security audits/assessments.

- Certified Lead Auditor for ISMS and Certified PCI DSS implementor

- 5+ years of relevant experience in the same field.

Desired

- Knowledge of Information Security

- Knowledge of PCI DSS and VAPT assessments

- Knowledge of HiTrust Audit

Job Summary:

- Compliance AM/DM will be a part of the core compliance team and will help drive, manage, implement, and evaluate the certification and compliance standards Infinx is certified for i.e., ISO 9001, ISO 27001, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, and Cyber Security Assessments.

Duties and responsibilities:

- Communicate with internal and external stakeholders for all compliance related activities.

- Participate in Compliance audit programs both internal and external for ISO, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, Cyber Security assessments, etc., as and when needed.

- Develop and review company policies and procedures, handle training programs and monitoring compliance related matters

- Educate stakeholders to implement corrective actions

- Ensure corrective actions are adequate and have been implemented for all identified compliance deficiencies.

- Promote awareness related to information privacy and security and enforce compliance across the enterprise

- Help Implement and manage compliance program effectively.

- Report MR/CISO/management about the status of compliance in the organization through detailed reports.

- Create, manage, and track effective action plans in response to audit observations and compliance violations.

- Manage and perform internal audits to identify possible weaknesses or risks to the company's information security management system.

- Perform additional audits as and when required.

- Assess the organization's processes to determine the compliance risk and formulate necessary risk mitigation plans.

- Ensure all employees are aware about their compliance responsibilities.